diff options
| author | elijah <elijah@riseup.net> | 2015-07-21 17:51:08 -0700 |
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2015-07-21 17:51:08 -0700 |
| commit | 5aec93cdaf1082df4edc6fa3d439e01311b0f249 (patch) | |
| tree | 875c76f28c9219c1035cf932feb26c215d04ff4c /pages/docs/platform/guide/keys-and-certificates.md | |
| parent | 242bd702ee7ca5edcf8e92156d09fe9e7f0ee961 (diff) | |
updated platform documentation, esp. provider configuration.
Diffstat (limited to 'pages/docs/platform/guide/keys-and-certificates.md')
| -rw-r--r-- | pages/docs/platform/guide/keys-and-certificates.md | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/pages/docs/platform/guide/keys-and-certificates.md b/pages/docs/platform/guide/keys-and-certificates.md index aef02ac..e0fd314 100644 --- a/pages/docs/platform/guide/keys-and-certificates.md +++ b/pages/docs/platform/guide/keys-and-certificates.md @@ -86,6 +86,13 @@ Suppose you want to remove `userx` from having any further ssh access to the ser X.509 Certificates ================================ +NOTE: the following files are extremely sensitive and must be carefully protected: + +* `files/ca/ca.key` +* `files/<domain>.key` (where "domain" is the primary domain of the provider). + +These files must be kept private and you must not lose them. All the other key files can be regenerated if you lose them or if they are compromised. + Configuration options ------------------------------------------- @@ -192,3 +199,10 @@ If you want to add additional fields to the CSR, like country, city, or locality } If they are not present, the CSR will be created without them. + +Examine Certs +----------------- + +To see details about the keys and certs you can use `leap inspect` like so: + + $ leap inspect files/ca/ca.crt |